The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SpamAssassin scoring anomalies since WHM 11.52

Discussion in 'E-mail Discussions' started by mtindor, Nov 18, 2015.

  1. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Hello,

    I've got five machines on 11.52 now. Ever since updating to 11.52, some part of the updated SpamAssassin is causing significant amounts of legitimate email to be scored much much higher than it should be.

    My typical configuration:
    a. SpamAssassin enabled per user
    b. Default Spam Score 5
    c. Many customers set SpamAssassin autodelete at somewhere between 5 and 9
    d. DCC / Pyzor / Razor2 / iXhash

    Ever since 11.52 and the newly updated rules and addition of P0f.cf and KAM.cf, I am seeing very significant amounts of email with spam scores well above 10 -- emails that are absolutely legitimate and should never be scoring anywhere near that value.

    I really have to call foul and suspect that something is thoroughly amiss in the current SpamAssassin.

    Sure, many admins/end-users may never be using "auto-delete", and sure if a customer is using "auto-delete" they should be prepared for the possibility of potentially devnull'ing legitimate email. However, historically [for years] I've run this setup this way with nary a complaint from a customer and nary a sign of a false positive devnull. That is, until 11.52 came out.

    Now on some accounts I'm seeing 75% of a customer's legitimate inbound email being devnulled. Even if they set their auto-delete score up to 8, something in SpamAssassin is causing legitimate emails to score so much higher now (10 and above) that it is really wreaking havoc.

    I think somebody at cPanel really needs to look into what is going on. Sure, new spamassassin updates should be nailing more spam -- but it definitely should not be nailing more legitimate email.

    I've got one customer who between Nov 8 and Nov 17 had 1947 legitimate emails devnulled -- emails that were historically always passing through with spam scores well under '5'.

    Does anybody know if there is a way to BULK disable SpamAssassin Autodelete on ALL accounts on the server? When I disable auto-delete, there are going to be tons of emails coming in that the users haven't gotten for the past week and they will have [SPAM] in the subject line. Disabling / adjusting auto-delete will not solve the problem. the problem is somewhere else -- legitimate email should not be scoring so much higher in the spam score.

    Mike
     
  2. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Disappointed -- both in my self and cPanel.

    In Exim Configuration Manager --> Apache SpamAssassin Options the following are new / enabled by default:

    KAM
    P0F
    BAYES_POISON_DEFENSE
    CPANEL's custom stuff used at CPANEL.NET

    I disabled them all. I'm sure this nifty combination is what has created havoc on my servers, and I don't have time right now to even bother to try to figure out specifics.

    Be forewarned that if you have all of those enabled, you too could very well be having much of your/your customers' legitimate email scored higher than it ought to be.

    mike
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Thank you for taking the time to update this thread with your findings. I've not seen significant negative feedback on the decision to enable these options by default, but I encourage anyone else to voice their concern here if it's resulting in false positives.

    Thank you.
     
  4. Doctored Watson

    Doctored Watson Registered

    Joined:
    Jan 20, 2016
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    London
    cPanel Access Level:
    Root Administrator
    I'm having the same issue, although it's the kam.cf rules that seem to be the main culprit for me. I think some of them are incredibly aggressive, particularly the scoring. Eg, the following scored 9 points due to KAM_COMPROMISED:

    "Hey Watson
    Tried calling you X

    Sent from my iPhone"

    I understand that there is spam that looks like this, but a lot of legitimate email does as well.
     
Loading...

Share This Page